3-round weak zero-knowledge proofs for [Nu] [Rho]

Home
→
MIT Libraries
→
MIT Theses
→
Theses - Dept. of Electrical Engineering and Computer Sciences
→
Electrical Engineering and Computer Sciences - Master's degree
→
View Item

dc.contributor.advisor	Shafi Goldwasser.	en_US
dc.contributor.author	Lim, Dah-Yoh, 1978-	en_US
dc.contributor.other	Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.	en_US
dc.date.accessioned	2005-09-27T16:56:20Z
dc.date.available	2005-09-27T16:56:20Z
dc.date.copyright	2004	en_US
dc.date.issued	2004	en_US
dc.identifier.uri	http://hdl.handle.net/1721.1/28547
dc.description	Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.	en_US
dc.description	In title on t.p., "[Nu]" and "[Rho]" appear as upper-case Greek letters.	en_US
dc.description	Includes bibliographical references (p. 57-61).	en_US
dc.description.abstract	(cont.) to the verifier.	en_US
dc.description.abstract	We consider an implementation of a weakened notion of zero-knowledge (weak ZK) where the simulator is also allowed to depend on the distinguisher as well, so this type of ZK entails exhibiting an efficient simulator for every efficient (Verifier, Distinguisher) pair. This notion is interesting because in many applications of ZK protocols, weak ZK is actually enough. In addition, Goldreich and Krawczyk's proof (SICOMP 1996) of the non-existence 1 of 3-round black-box ZK protocols carries over to weak ZK directly, so we know that 3-round black-box weak ZK protocols do not exist. In this thesis we are concerned with 3-round proofs for hP: under the standard computational Diffie-Hellman assumption, we construct a 3-round weak ZK proof for NP [nu rho] with inverse-polynomial soundness error. To the best of our knowledge, there have been two constructive results, of Hada and Tanaka (Crypto 1998) and Lepinski (MIT Master's thesis 2001) respectively, stating that assuming some non-standard assumptions, 3-round (traditional) ZK protocols (arguments or proofs respectively) for NP [nu rho] with negligible soundness error do exist. We use the idea of intertwining Oblivious Transfer with a ZK protocol given by Lepinski to prove our result. For every verifier and distinguisher, we construct a different simulator. The technique of simulation is novel and we believe it will have future uses. For instance, our protocol is actually WI with negligible soundness error, by virtue of Feige and Shamir's result (STOC 1990) that WI protocols do compose in parallel. Furthermore, since the first two rounds of our protocol are actually independent of the theorem to be proven, we can think of these two rounds as an interactive setup phase after which the prover can non-interactively prove	en_US
dc.description.statementofresponsibility	by Dah-Yoh Lim.	en_US
dc.format.extent	61 p.	en_US
dc.format.extent	2660263 bytes
dc.format.extent	2665836 bytes
dc.format.mimetype	application/pdf
dc.format.mimetype	application/pdf
dc.language.iso	en_US
dc.publisher	Massachusetts Institute of Technology	en_US
dc.rights	M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission.	en_US
dc.rights.uri	http://dspace.mit.edu/handle/1721.1/7582
dc.subject	Electrical Engineering and Computer Science.	en_US
dc.title	3-round weak zero-knowledge proofs for [Nu] [Rho]	en_US
dc.title.alternative	Three-round weak ZK proofs for [Nu] [Rho]	en_US
dc.type	Thesis	en_US
dc.description.degree	S.M.	en_US
dc.contributor.department	Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.	en_US
dc.identifier.oclc	57401138	en_US